From f88f88dcc58f984f416c160a7a881077169fc8e5 Mon Sep 17 00:00:00 2001 From: Galen Charlton Date: Wed, 27 Oct 2010 08:24:04 -0400 Subject: [PATCH] bug 5301: improve escaping of XML characters in bib output MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit <, >, ', or " in an item call number will no longer make the bib displays break when using XSLT mode. Added a new routine to C4::Koha, xml_escape(), to implement converting &, <, >, ', and " to their corresponding entities. Patch loosely based on work done by Daniel Latrémolière Signed-off-by: Galen Charlton Signed-off-by: Chris Cormack --- C4/Koha.pm | 20 ++++++++++++++++++++ C4/XSLT.pm | 5 ++--- t/Koha.t | 8 +++++++- 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/C4/Koha.pm b/C4/Koha.pm index dc2bcfa83b..bd5f5e777b 100644 --- a/C4/Koha.pm +++ b/C4/Koha.pm @@ -61,6 +61,7 @@ BEGIN { &GetNormalizedISBN &GetNormalizedEAN &GetNormalizedOCLCNumber + &xml_escape $DEBUG ); @@ -1190,6 +1191,25 @@ sub GetKohaAuthorisedValuesFromField { } } +=head2 xml_escape + + my $escaped_string = C4::Koha::xml_escape($string); + +Convert &, <, >, ', and " in a string to XML entities + +=cut + +sub xml_escape { + my $str = shift; + return '' unless defined $str; + $str =~ s/&/&/g; + $str =~ s//>/g; + $str =~ s/'/'/g; + $str =~ s/"/"/g; + return $str; +} + =head2 display_marc_indicators my $display_form = C4::Koha::display_marc_indicators($field); diff --git a/C4/XSLT.pm b/C4/XSLT.pm index 1c45e440ff..ddc907759f 100644 --- a/C4/XSLT.pm +++ b/C4/XSLT.pm @@ -210,9 +210,8 @@ sub buildKohaItemsNamespace { } else { $status = "available"; } - my $homebranch = $branches->{$item->{homebranch}}->{'branchname'}; - my $itemcallnumber = $item->{itemcallnumber} || ''; - $itemcallnumber =~ s/\&/\&\;/g; + my $homebranch = xml_escape($branches->{$item->{homebranch}}->{'branchname'}); + my $itemcallnumber = xml_escape($item->{itemcallnumber}); $xml.= "$homebranch". "$status". "".$itemcallnumber."" 
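Review bot: xml_escape() converts the five markup characters but leaves C0 control characters in the string. Those are not legal in XML 1.0 even when written as character references, so a call number or branch name containing one would presumably still make the XSLT parse fail. Consider stripping them before the entity substitutions, e.g. `$str =~ s/[\x00-\x08\x0B\x0C\x0E-\x1F]//g;`. The POD should also say that undef input returns an empty string and that the argument must be raw text, because passing already-escaped text escapes its `&` a second time.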
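Review bot: `$status` is still concatenated into `$xml` without going through xml_escape(), while the two values next to it are now escaped. Only the `else` branch assigning "available" is visible in this hunk, and buildKohaItemsNamespace starts outside it, so it cannot be confirmed from here that every branch assigns a fixed literal. Either wrap it as `xml_escape($status)` for uniformity, or add a comment such as `# $status is only ever set to fixed literals above, so it needs no escaping`. The call also depends on C4::XSLT already importing xml_escape from C4::Koha, which this patch does not show.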
diff --git a/t/Koha.t b/t/Koha.t index c06a406583..a042f4700c 100755 --- a/t/Koha.t +++ b/t/Koha.t @@ -2,7 +2,7 @@ use strict; use warnings; -use Test::More tests => 2; +use Test::More tests => 5; use_ok('C4::Koha'); @@ -13,3 +13,9 @@ my $date = "01/01/2002"; my $newdate = &slashifyDate("2002-01-01"); ok($date eq $newdate, 'slashifyDate'); + +my $undef = undef; +is(xml_escape($undef), '', 'xml_escape() returns empty string on undef input'); +my $str = q{'"&<>'}; +is(xml_escape($str), ''"&<>'', 'xml_escape() works as expected'); +is($str, q{'"&<>'}, '... and does not change input in place'); -- 2.39.5
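Review bot: The new tests cover undef and one string of metacharacters, but not a defined false value. That case matters because the C4/XSLT.pm change in this patch replaces `$item->{itemcallnumber} || ''` with a call to xml_escape(). Adding `is(xml_escape('0'), '0', 'xml_escape() keeps a defined false value');`, with the plan raised to 6, would pin that a call number of `0` is preserved. A string with a repeated character, such as `q{a&b&c}`, would also confirm that every occurrence is converted and not just the first.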